Secure SSH ciphers in Solarwinds NCM??

The SSH ciphers that are currently available in NCM are all flagged as a warning or as unsafe by the SSH-Audit tool that many security teams use to evaluate an environment. This means that we have to configure our nodes to use less secure options if we want to back up configs via Solarwinds or if we want to do anything with NCM at all. I work for a large financial company and have been told that I need to either get my nodes configured in a secure manner and that may mean that we have to stop using NCM. I am wondering what other customers are doing in this situation. I have been told that many government agencies use Solarwinds and I can't imagine that they are permitted to use less secure configurations.

Top Replies

gwarn70 over 1 year ago +2

We are having similar problems where the supported ciphers don't work with the firewall configuration requirements our security team has provided guidance on. Would be great if Solarwinds could leverage…

Parents

gwarn70 over 1 year ago

We are having similar problems where the supported ciphers don't work with the firewall configuration requirements our security team has provided guidance on. Would be great if Solarwinds could leverage PUTTY or similar SSH client and could be updated independent of application to provide support for more secure protocols between version upgrades.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Cancel

Reply

gwarn70 over 1 year ago

We are having similar problems where the supported ciphers don't work with the firewall configuration requirements our security team has provided guidance on. Would be great if Solarwinds could leverage PUTTY or similar SSH client and could be updated independent of application to provide support for more secure protocols between version upgrades.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Cancel

Children

bshopp over 1 year ago in reply to gwarn70

We do leverage a third party component here - SSH component (C#, VB.NET) for .NET, SSH library, Rlogin and Telnet component for .NET (VB.NET, C#) (weonlydo.com). Send me the details and ciphers you are having issues with and I can look into further.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
rjones-uk 10 months ago in reply to bshopp

Hi, I have issues where a device requires ecdsa-sha2-mistp256/384/521 host key algorithms.
Is there a file I can edit to choose what NCM (Weonlydo) uses ?

I looked at the Weonlydo website and it looks to be configurable.

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel